Technology has been developed to allow for more access to contactless communication interfaces by merchants and other application developers that were previously not allowed to design and develop mobile applications configured to provide payment capabilities using contactless communication (e.g., Near-field Communications hardware). Thus, merchant are developing payment applications that are capable of offering additional services to consumers using contactless or near-field communication (NFC) interfaces that were previously out of reach.
However, along with the increase in mobile payment application development, there has been an expansion in attempts by fraudsters to use mobile payment applications maliciously. For example, as the mobile device payment ecosystem has expanded, mobile devices (e.g., phones) have been used by fraudsters to perform fraudulent transactions by stealing credit cards and adding stolen account details to unauthorized phones. Traditionally, application developers integrated account issuer systems into an account provisioning or account enrollment process such that an account issuer agreed to the provisioning and/or verified the account before adding account details to a mobile payment application. This allowed an account issuer to know whether an account is being added to an unknown phone and/or otherwise determine if activities on an account indicate that the account is being used fraudulently. Thus, issuers could decline a request or otherwise authenticate a user before allowing the account to be added to the phone. However, as new merchant application developers and issuers embrace the mobile ecosystem, integrating every one of the millions of merchant systems (or other application developers) with every one of the hundreds of issuer systems to get approval before cards are provisioned on a phone to ensure the card is legitimately added to the phone has become unduly burdensome and technically difficult.
As such, many application developers have allowed accounts to be added to their mobile payment applications without verifying or obtaining approval from account issuers. Thus, because issuers are not contacted during account provisioning, fraudsters may be capable of provisioning account data into a phone that otherwise would be denied by an issuer.
Further, many mobile application developers have not informed relying parties (e.g., merchants) during transactions that such accounts added to the application have not been verified by an issuer. As such, the relying parties have no means for knowing whether an account has been verified prior to a transaction being initiated. Thus, relying parties do not know whether to trust the account information they receive during mobile payment transactions. Accordingly, there is a need to allow for unverified account information to be used in a transaction initiated by a mobile payment application without creating security concerns for relying transaction parties.
Embodiments of the invention address these and other problems, individually and collectively.